Sony claims innocence in latest rootkit debacle

Sony claims the rootkit-like behaviour of a device driver used to run its biometric MicroVault USB drive, was unintentional.

Sony Sweden representative Fredrik Fagerstedt told local press this week that sometimes even actions taken with "good will" can go wrong.

Fagerstedt's comments come the same day that antivirus firm McAfee joined the growing chorus of companies to criticise Sony for compromising its customers' security.

McAfee reported that Taiwan's FineArt Technology Co. Ltd, which makes encryption software for PCs and laptops, was responsible for creating the offending software.

McAfee's Aditya Kapoor and Seth Purdy wrote in a blog: "the authors apparently did not keep the security implications in mind" when designing the installation method.

Kapoor and Purdy catalogued the incident as one of the worst examples of "nasty rootkits that use blended techniques to hide or protect themselves."

Echoing F-Secure's Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malware authors from copying code to a directory of their choice and executing it in that location.

They added that another easy hack for malware authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately on the PC's boot-up.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.